Keynote Video

Advisory

Audited by static analysis on May 10, 2026.

Overview

Detected: suspicious.dangerous_exec

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Because the presentation path, output path and spec-derived voice/rate values are interpolated into a shell command line, a maliciously named presentation file, output path, or edited/generated spec value could cause the user’s machine to run unintended shell commands during video generation.

Why it was flagged

The script invokes a shell (execSync) with interpolated user-controlled file paths and spec-derived voice/rate values. Double quotes do not make these values safe: inside a double-quoted sh string, command substitution (`$(...)` and backticks) and `$VAR` expansion still happen, and an embedded `"` closes the quoted region, so a file named along the lines of `deck$(id).pptx` or `deck"; id; ".pptx` would execute `id`. The voice and rate values are interpolated bare, without quoting, escaping or a whitelist, so any spec value containing `;`, `|`, `&&` or `$(` is also interpreted by the shell. The narration text passes through an escapeForShell helper whose implementation is not among the reviewed artifacts, so its adequacy cannot be assessed from this review.

Skill content
execSync(`libreoffice --headless --convert-to pdf --outdir "${outputDir}" "${pptPath}"`, ...);
...
`edge-tts --text "${escapeForShell(scriptText)}" --voice ${voice} --rate ${rate} --write-media "${audioFile}"`
Recommendation

Replace the execSync shell strings with execFileSync/spawnSync argument arrays so that no shell parses the values; resolve every path and verify it stays inside the project directory; whitelist voice values and validate rate against the expected signed-percentage form; pass option values as `--option=value` so that a value beginning with `-` is not parsed as a separate flag; and reject shell metacharacters in user-controlled fields as defence in depth.

What this means

Users may not see dependency and package-install requirements before installation, and the listed packages are not pinned in the provided artifacts.

Why it was flagged

The skill documents external package/system dependency installation, while the registry metadata declares no required binaries and there is no install spec.

Skill content
pip install python-pptx
...
pip install PyMuPDF
...
sudo apt-get install poppler-utils
Recommendation

Declare required binaries and dependencies in metadata or an install spec, pin package versions where practical, and keep setup commands clearly user-approved.

What this means

Confidential slide content may be processed by the TTS provider/toolchain during audio generation.

Why it was flagged

The generated narration text, which may be derived from the user’s slides or background materials, is passed to the edge-tts tool for speech synthesis. edge-tts is a client for Microsoft Edge’s online text-to-speech service, so that text leaves the user’s machine; the skill’s own documentation reflects this by telling users to check their network connection when edge-tts fails.

Skill content
`edge-tts --text "${escapeForShell(scriptText)}" --voice ${voice} --rate ${rate} --write-media "${audioFile}"`
Recommendation

Warn users before processing sensitive decks, document the TTS data flow clearly (what text is sent, to which provider, and when), and offer or recommend an approved local/private TTS option for confidential material.

Findings (1)

critical

suspicious.dangerous_exec

Location
scripts/generate.js:60
Finding
Shell command execution detected (child_process).